Mac Endpoint in “Bypass” or Showing “FDA Error” After Install
search cancel

Mac Endpoint in “Bypass” or Showing “FDA Error” After Install

book

Article ID: 372601

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

After manually installing the Carbon Black Cloud sensor, the sensor remains in Bypass or a FDA Error status

Environment

  • Carbon Black Cloud Sensor: 3.8.0.58 and Higher
  • Apple MacOS:12.7 and Higher

Cause

com.vmware.carbonblack.cloud.se-agent.extension and/or com.vmware.carbonblack.cloud.daemon was not granted Full Disk Permission during sensor installation

Resolution

  1. Follow the steps to Manually Grant Sensor Full Disk Access
  2. Reboot the device
  3. If the issue persists, identify which component is missing permissions:
    1. Navigate to System Settings > Privacy & Security > Full Disk Access.
    2. Grant Terminal Full Disk Access.
    3. Open Terminal and run the following command:
      sqlite3 /Library/Application\ Support/com.apple.TCC/tcc.db 'select client,client_type,auth_value,auth_reason,auth_version from access;'

      • Ensure the output matches the below expected values:
        com.vmware.carbonblack.cloud.se-agent.extension|0|2|4|1
com.vmware.carbonblack.cloud.daemon|0|2|4|1
com.vmware.carbonblack.cloud.se-agent|0|2|4|1
/Applications/VMware Carbon Black Cloud/LiveQuery.bundle/Contents/MacOS/osqueryi|1|2|4|1
/Applications/VMware Carbon Black Cloud/UnInstaller.bundle/Contents/MacOS/UnInstaller|1|2|4|1
/Applications/VMware Carbon Black Cloud/uninstall.bundle/Contents/MacOS/uninstall|1|2|4|1
      • If the output does not match, (example below), it indicates that the steps to manually grant full disk access were not successful. 
        com.vmware.carbonblack.cloud.daemon|0|0|5|1|??
    4. Reboot the endpoint and redo the steps to Manually Grant Sensor Full Disk Access again, ensuring all bundles and executables were dragged into the Full Disk Access Pane
    5. As a final resort:
      • Ensure the OS is updated to the latest version
      • Uninstall the sensor, reboot, and then re-install the sensor
  4. For further assistance open a 'Technical' case with Broadcom Support
Powered by Wolken Software